Election 2012 Hacking Threat: 10 Facts

Election technology has improved since the 2000 presidential election hanging chad debacle, but new and old threats may put your vote at risk.

Could the U.S. elections be hacked, allowing attackers to adjust ballot counts and alter election results?
That threat, to be sure, sounds like little more than a Hollywood movie plot. Furthermore, based on recent reviews of states voting system readiness, the more likely scenario is that voting systems in key swing states would simply crash. Cue delayed elections and potentially, disenfranchised voters with uncounted votes.
On the other hand, given the widespread and well-documented flaws in electronic voting systems, as well as the potential for such systems to crash or behave erratically, election officials must keep a close eye not just on the voting systems physical and information security, but also the vote results themselves, to ensure that every vote counts. Here are 10 related facts.
1. Good News: Technology Now Records More Votes Properly
According to a report released earlier this month by the
Caltech/MIT Voting Technology Project
, which was launched in the wake of the 2000 presidential election, changes in voting technology have reduced the difference between votes cast and votes counted. That difference stems both from technology-related failures, including vote-counting systems being unable to properly read what a user has filled out on an optically scanned paper ballot, as well as from user errors, such as a voter picking two candidates for a single office.
[ Learn more about the tech behind
Election 2012: How Voters Play Smartphone Politics
. ]
Overall, the difference between votes cast and counted dropped from 2% in 2000, to 1% in 2006. Technologically speaking, whats facilitated that change? Start with awareness--as well as public shaming--after the 2000 presidential elections saw Florida officials become a punchline owing to the failure of the states circa-1960s punch-card election technology. In particular, vote-tabulating machines werent able to count ballots with incompletely punched holes, also known as hanging, dimpled, or pregnant chads. While the problem was widespread, the presidential election results hinged on the states voters, and officials struggled to produce an accurate count of how votes had actually been cast.
2. Key Equipment Meltdowns Could Scuttle Election Results
What do Ohio, Virginia, Colorado, Nevada, and Pennsylvania all have in common? They occupy the top-five list of the riskiest states for an e-voting meltdown. The list, detailed on the
Freedom to Tinker blog
, is based in part on the
Counting Votes 2012
study of states election preparedness, the
VerifiedVoting.org Verifier database
of the election technology thats currently being used by different states, and the relative
likelihood that it will fail
.
While the four researchers who authored the e-voting meltdown study said that a meltdown scenario is very unlikely--as is a knife-edge selection of the type that occurred in Florida in 2000--they still decided to review the likelihood that such problems could cause a state to cast the deciding electoral college vote that would flip the election winner from one candidate to the other. Ohio, beware.
3. Recession Slows New Voting Technology Adoption
In the wake of the 2000 Florida vote-counting debacle, numerous states quickly dumped their antiquated punch-card-type systems. Unfortunately, the rush to find a new solution led many to adopt electronic voting systems--some with touchscreens--without first thoroughly vetting the technology. In short order, security experts began reporting that such technology employed proprietary systems predicated on security through obscurity, and typically sported numerous physical as well as information security vulnerabilities.
4. Diebold Machines Remain In Use
In particular, Diebold soon became the face of electronic voting machines failures, in large measure because the companys machines--as well as those of its competitors--were black boxes. Chief amongst electronic voting machines list of faults, however, was that they failed to generate a paper-based audit trail. As a result, not only could the machines be hacked, but such hacking might never be detected. After those deficiencies came to light, California was one of the first states to review its use of electronic voting machines, and in 2007 the state decertified their use for voting, pending security improvements and the inclusion of a paper-based audit trail. Interestingly, Californias election officials also began actively recommending that counties switch to optically scanned paper ballots, with a report noting that they are more transparent, and significantly easier to audit. Meanwhile, Diebold ultimately renamed its electronic voting machine division as Premier Election Solutions and
sold the division to competitor ES&S
for $5 million, plus some revenue that was due.
After having spent millions of dollars to procure electronic voting systems, multiple states have likewise since dumped them. According to Larry Moore, CEO and founder of Clear Ballot, which provides a system that creates
rapid audits of optically scanned paper ballots
, 75% of the country--and growing--is moving over to optically scanned paper ballots. But the shift away from electronic voting systems, at least in some states, has been slowed by the recession, and budget deficits.
5. All Voting Technology Can Stumble
While a voting system meltdown is unlikely, the possibility that it could happen highlights that no voting technology is perfect. In 2010, for example, more than one-third of votes in a South Bronx voting precinct in New York State were miscounted by an ES&S electronic
voting machine that overheated
, reported radio station WNYC.
But the machine didnt fail outright. Instead, it began voting on its own. Theres some kind of defect in these machines that when they overheat they can create what theyre calling phantom votes, said Larry Norden, a deputy director with the Brennan Center for Justice, which is a voting rights organization that filed a related lawsuit over the miscounted votes. That could mean that if the person hasnt voted in a contest, they could have a vote attributed to them that they never intended to cast. In the case of these voters in the South Bronx what it meant was that they actually meant to vote for somebody and the machine was adding votes in those contests because it had overheated.
6. Internet Voting No Panacea
Why not simply move elections online? The city of Washington, D.C., gave that approach a try in 2010, when it created a pilot project designed to test allowing absentee voters located overseas to cast votes using an election website. But according to a
research paper
delivered earlier this year at the
Conference on Financial Cryptography & Data Security
by three University of Michigan researchers whod been invited to participate in the four-day mock online voting trial, they quickly identified exploitable vulnerabilities.
Within 48 hours of the system going live, we had gained near-complete control of the election server, according to the researchers. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days--and might have remained unaware for far longer had we not deliberately left a prominent clue. As a result of the researchers efforts, D.C. officials scuttled their planned rollout of the D.C. Digital Vote-by-Mail Service system
7. Online Voting Systems Face DDoS Attack Risk
Meanwhile, other security experts have warned that any connected Internet voting system would be vulnerable to
distributed denial-of-service (DDoS) attacks
, which would allow hackers to disrupt voting. If
leading Wall Street banks cant block DDoS attacks
about which theyve been warned in advance--owing to the sheer bandwidth employed by attackers--is it reasonable to expect that Alabama, Alaska, or the other 48 states could keep their voting systems online during a sustained election day attack?
Furthermore,
if Iran
, as U.S. officials allege, is really behind the banking attacks, whats to stop its government, or any other group that may have a beef with the United States, from knocking offline the online voting systems of a swing state? So-called cyber warfare wont safeguard citizens right to vote.
8. Voter Registration Rolls Vulnerable To Hackers
If Internet voting isnt safe, surely registering online, as some states now allow, is safe? Both Maryland and Washington State, for example, now allow voters to register online, using their name, birthdate, address, and party affiliation. Unfortunately, all of that information is not only publicly available, but regularly--and legally--bought and sold by political parties, and distributed to their political operatives. Whats the risk? Simply put, large numbers of voters could be disenfranchised from voting if a hacker reassigned their voting precinct to another one located across the state, requiring them to either travel to the other precinct, or to fill out a provisional ballot. Either way, that could prevent the state resident from voting in local, or in some cases even Congressional, elections.
Voting rights groups hadnt been paying attention to how such systems were created. We thought, How badly could you mess that up? Well, we learned, Rebecca Wilson, co-director of non-profit group Save Our Votes,
told
The New York Times
, which first reported the story of the Maryland and Washington security vulnerabilities. Now, anyone in the world can write a computer program that commits absentee ballot fraud on a mass scale.
Of course, any election-related system thats connected to the Internet is potentially at risk of being hacked. If big, Internet-based companies like Yahoo, LinkedIn, or Sony can fall to hackers, then, yeah, big government databases and local authorities who actually administer the election process can be hacked, Stephen Cobb, security evangelist for ESET,
told
Dark Reading
. Im somewhat surprised it hasnt happened yet.
9. Voting Legitimacy At Risk
Beyond overt hacking, another way that elections can be compromised--and trigger related lawsuits from irate voters--is if voters dont believe that their votes were accurately recorded. Furthermore, according to a June 2012 poll conducted by Rasmussen Reports, half of U.S. voters dont think elections are fair to voters.
There are two purposes to an election: one is to decide a winner, and two is to confer legitimacy upon the winner, said Clear Ballots Moore. If a substantial portion of voters dont feel their vote is being legitimately counted, then theres no legitimacy.
Heres how one voter in Texas, in a precinct that uses touchscreen voting systems, sees the problem: When I vote, the election officials give me a sticker. There are two choices. One says I Voted, the other reads My Vote Counted, according to an
online comment
made to the Risk of E-Voting Meltdown blog post. I wont accept a My Vote Counted sticker because I have no faith that it is correct. ... Ive looked into early voting, but thats still done with the electronic systems. Absentee voting is done on paper, but under Texas law Im not eligible to vote absentee unless I spend an entire month away from home.
10. Surveys Could Detect Failures
Changes are being put in place to help detect voting system irregularities, regardless of how they might have been caused. For starters, two-thirds of states will offer many of their residents a way to verify that their votes were correctly captured, if requested, for example by having the system read back the votes theyve selected.
Clear Ballot, meanwhile, is currently working with three states--Florida, New Hampshire, and New York--to audit some of their election results, and it hopes that more states will use its technology to provide an independent audit of election results. However theyre conducted, audits are essential for spotting breakdowns in the vote-counting process. Norden at the Brennan Center for Justice, for example, has said that over votes--when someone has apparently voted for more than one person for the same office--are extremely rare. Accordingly, a spike in over votes, as happened in the South Bronx, most typically indicates a voting machine or vote-counting failure.
Thankfully, audits are on the increase. This year, officials in half the states will carry out some kind of post-election audit using ... records of voter intent to check the functioning of the vote counting technology in local use, according to the Caltech/MIT report. Though many of these audits lack robustness at present, enormous progress is being made as states examine more effective and efficient ways to audit.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Election 2012 Hacking Threat: 10 Facts